VAR-201808-0934
Vulnerability from variot - Updated: 2023-12-26 23:06A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0934",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights-out 5",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "1.30"
},
{
"model": "integrated lights-out 4",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "2.60"
},
{
"model": "hpe integrated lights-out 4",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.60"
},
{
"model": "hpe integrated lights-out 5",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.30"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.03"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.13"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.11"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "1.20"
},
{
"model": "integrated lights-out 4",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "2.01"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hp:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.60",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hp:integrated_lights-out:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"cve": "CVE-2018-7078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-7078",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-137110",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7078",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7078",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-163",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137110",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7078",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7078",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041188",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137110",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7078",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"id": "VAR-201808-0934",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-26T23:06:01.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hpesbhf03844en_us",
"trust": 0.8,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03844en_us"
},
{
"title": "HPE Integrated Lights-Out 4 and Integrated Lights-Out 5 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83969"
},
{
"title": "Subverting your server through its BMC: the HPE iLO4 case",
"trust": 0.1,
"url": "https://github.com/cjzh781119/security-blog "
},
{
"title": "Subverting your server through its BMC: the HPE iLO4 case",
"trust": 0.1,
"url": "https://github.com/airbus-seclab/ilo4_toolbox "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041188"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03844en_us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7078"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7078"
},
{
"trust": 0.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03844en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/cjzh781119/security-blog"
},
{
"trust": 0.1,
"url": "https://github.com/airbus-seclab/ilo4_toolbox"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137110"
},
{
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-137110"
},
{
"date": "2018-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"date": "2018-08-06T20:29:02.163000",
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"date": "2018-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137110"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7078"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008904"
},
{
"date": "2018-10-05T13:28:21.693000",
"db": "NVD",
"id": "CVE-2018-7078"
},
{
"date": "2018-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HPE Integrated Lights-Out 4 and HPE Integrated Lights-Out 5 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-163"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…